Entra Verified-ID service

testuser7 271 Reputation points
2023-05-19T13:54:30.9066667+00:00

Hello,

I have created 2 MS-Entra Verified-ID instances in 2 AAD tenants.

I am using Tenant T1 to issue Verified-credentials (VC) and Tenant T2 to verify those VCs

I was able to successfully add VCs of Tenant T1 into my wallet i.e., MS-Authenticator app, but I am NOT able to submit those VCs when demanded by Verifier App of Tenant T2

I am always getting the following error on the MS-Authenticator app after scanning the QR code:

"Requested authority did not match an existing authority"

Thanks.


4 answers

  1. testuser7 271 Reputation points
    2023-05-19T18:48:34.8666667+00:00

    Any update is helpful !!!


  2. Shweta Mathur 29,531 Reputation points Microsoft Employee
    2023-05-22T07:21:59.2166667+00:00

    Hi @testuser7 ,

    Thanks for reaching out.

    It seems the authority URL of the verifier has not been configured correctly.

    When the issuer and verifier are separate organizations, the verifier uses their own Azure AD tenant to perform the verification of the credential that was issued by the other organization.

    To set up the verifier authority if the verifier is at a different organization:

    1. From Verified ID, select Organization settings.
    2. Copy the Decentralized identifier value and configure it in "VerifierAuthority".

    Reference: https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-verifier

    In case both the issuer and verifier are in the same organization, then you can provide the same value in both the issuer and verifier authority.

    https://learn.microsoft.com/en-us/azure/active-directory/verifiable-credentials/verifiable-credentials-configure-issuer

    To resolve this issue, you need to ensure that the authorities are configured correctly for both the issuer and the verifier.

    Hope this will help.

    Thanks,

    Shweta


    Please remember to "Accept Answer" if answer helped you.


  3. testuser7 271 Reputation points
    2023-05-22T13:04:32.3233333+00:00

    Thanks @Shweta Mathur

    I am actually doing exactly what you said.

    In order to make sure there is NO ambiguity, as a VERIFIER I hit https://verifiedid.did.msidentity.com/v1.0/verifiableCredentials/createPresentationRequest and send 2 distinct AUTHORITIES in the payload as per the schema of this API

    I successfully got the response back that I tried to feed to the MS-authenticator app. However, MS-authenticator could not start working and instead showed me above message.

    Let me ask you one thing right off the bat.

    Both of my tenants' Verified-ID instances ARE NOT added to the Verified-ID Network.

    Is it necessary to first submit the form and get them added into the network by filling the form given at https://forms.office.com/pages/responsepage.aspx?id=v4j5cvGGr0GRqy180BHbR9InvG7hcQdLgOHwsho0ZfpUMTBSVjdIRFFKUVBNTjJQMzZTTURUUUZBQi4u??

    Thanks.


  4. testuser7 271 Reputation points
    2023-05-23T11:58:22.7566667+00:00

    Hi @Shweta Mathur I think I am almost there.

    I was able to get past the "Requested authority did not match an existing authority". I was using the wrong access-token.

    So now MS-authenticator is showing me and asking my approval to submit the requested VC by the verifier-app.

    Once I submit the VC, MS-authenticator is showing me: generic error has occurred on the server. Protocol "http" not supported. Expected "https"

    Appreciate your help.

    Following is the screenshot of my mobile phone ms-authenticator app.

    User's image

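A pre-flight check for the presentation-request payload discussed in this thread, as an added example that is not from any of the posts or from Microsoft's samples. It flags an `authority` that is not the verifier tenant's DID, accepted issuers that do not include the issuing tenant's DID, and any plain `http://` URL anywhere in the payload. The field names follow the Request Service API presentation-request schema; the DIDs, hostnames and function names are constructed placeholders.

```python
def _strings(node, path=""):
    """Yield (path, value) for every string in a nested JSON-like structure."""
    if isinstance(node, dict):
        for key, value in node.items():
            yield from _strings(value, f"{path}.{key}" if path else key)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from _strings(value, f"{path}[{index}]")
    elif isinstance(node, str):
        yield path, node


def check_presentation_request(payload, verifier_did, issuer_did):
    """Return a list of problems found in a createPresentationRequest payload."""
    problems = []
    authority = payload.get("authority", "")
    if not authority.startswith("did:"):
        problems.append("authority is not a DID")
    elif authority != verifier_did:
        problems.append("authority is not the verifier tenant's DID")
    for i, cred in enumerate(payload.get("requestedCredentials", [])):
        issuers = cred.get("acceptedIssuers", [])
        for did in issuers:
            if not did.startswith("did:"):
                problems.append(f"requestedCredentials[{i}]: {did!r} is not a DID")
        if issuers and issuer_did not in issuers:
            problems.append(f"requestedCredentials[{i}]: issuer DID not accepted")
    # The wallet error quoted in the thread rejects "http"; flag every such URL.
    for path, value in _strings(payload):
        if value.lower().startswith("http://"):
            problems.append(f"{path}: plain http URL {value!r}")
    return problems


# Constructed sample: verifier (T2) mistakenly sends the issuer's (T1) DID
# as its own authority and registers a non-TLS callback.
VERIFIER_DID = "did:web:verifier.example"
ISSUER_DID = "did:web:issuer.example"
SAMPLE = {
    "authority": ISSUER_DID,
    "registration": {"clientName": "Constructed verifier app"},
    "callback": {"url": "http://verifier.example/api/callback", "state": "s1"},
    "requestedCredentials": [
        {"type": "ConstructedCredential", "acceptedIssuers": [ISSUER_DID]}
    ],
}

if __name__ == "__main__":
    print("\n".join(check_presentation_request(SAMPLE, VERIFIER_DID, ISSUER_DID)))
```
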